Problems with government databases

By now, everyone has probably heard about the data loss debacle in the United Kingdom. The British government lost the child benefit records for 25 million people. These records include addresses, dates of birth, bank account information, and national insurance numbers. In total, 40% of the British population has been exposed to the risk of identity theft.

Obviously, this should never have happened. One government agency requested some anonymized data for statistical purposes. Instead, a different department sent them the whole dataset in an unencrypted format. Encrypting the discs would have made it nearly impossible for thieves to access the data; anonymizing the data would have made such theft unprofitable. The failure to do either is the height of idiocy, but it is probably what we need to expect from the civilian parts of government when it comes to data security. Security is hard; it requires clever people with good training, and it requires oversight to ensure that insiders are competent and not cheating. People who are naive and naturally helpful can always be exploited by attackers.

In response to this situation, two sets of things need to be done. The first is to correct the specific failures that cause this kind of problem: require encryption of sensitive documents in transit, limit who has access to such sensitive databases, and tighten the procedures surrounding their use. The second is to limit the amount of such data that is available to steal in the first place. That could involve using paper records instead of digital ones – making mass theft dramatically harder to accomplish. It may also involve not creating these kinds of huge databases, as useful as they may seem when working properly.

It is fair to say that there will always be people out there able to break into any information that a large number of civil servants have access to. This would be true even if all civil servants were capable and virtuous people, because a lot of the best computer talent is applied to breaking flawed security systems. Given that bureaucrats are human, and thus subject to greed and manipulation, the prospects for keeping a lid on government data are even worse. Acknowledging the realities of the world, as well as the principle of defence in depth, suggests that limiting the volume of data collected and held by all governments is an appropriate response to the general security risks highlighted by this specific incident.

Author: Milan

In the spring of 2005, I graduated from the University of British Columbia with a degree in International Relations and a general focus in the area of environmental politics. In the fall of 2005, I began reading for an M.Phil in IR at Wadham College, Oxford. Outside school, I am very interested in photography, writing, and the outdoors. I am writing this blog to keep in touch with friends and family around the world, provide a more personal view of graduate student life in Oxford, and pass on some lessons I've learned here.

12 thoughts on “Problems with government databases”

  1. “The failure to do either is the height of idiocy, but it is probably what we need to expect from the civilian parts of government when it comes to data security.”

    This may be true, but I am sure data control in the corporate world is far, far worse.

  2. Britain’s Data Chernobyl: more lost CDs full of thousands of personal records

    Britain’s Department for Work and Pensions has admitted to losing even more personal details of British residents in the form of mislaid CDs containing tens of thousands of records. This comes in the wake of last month’s revelation that the Treasury had routinely posted (and mislaid) CDs containing the personal information of 25,000,000 British households that it had sent to Her Majesty’s Revenue & Customs through the post.

    The DWP has personal records from each local council sent in each month by TNT courier, the same courier that lost the CDs sent by the Treasury.

    The problem here isn’t just sending CDs full of personal info around. Collecting mountains of personal information on law-abiding citizens is inherently dangerous — just because it’s easy to do, it doesn’t follow that governments should do it. A system containing enormous amounts of high-value, high-risk information just begs to leak. Designing a government that requires this kind of data-retention and transfer is like designing a self-destruct button into a movie spaceship — something so dangerous that the designer should really be forced to answer the question: “Is this really worth the risk of it going wrong?”

  3. “The frightening thing is that when it happens, other councils are simply told, ‘don’t worry, just send us another disc’.”

  4. Security in Ten Years

    “In 10 years, computers will be 100 times more powerful. My desktop will fit into my cell phone, we’ll have gigabit wireless connectivity everywhere, and personal networks will connect our computing devices and the remote services we subscribe to. Other aspects of the future are much more difficult to predict. I don’t think anyone can predict what the emergent properties of 100x computing power will bring: new uses for computing, new paradigms of communication. A 100x world will be different, in ways that will be surprising.

    But throughout history and into the future, the one constant is human nature. There hasn’t been a new crime invented in millennia. Fraud, theft, impersonation and counterfeiting are perennial problems that have been around since the beginning of society. During the last 10 years, these crimes have migrated into cyberspace, and over the next 10, they will migrate into whatever computing, communications and commerce platforms we’re using.”

  5. “Another trend I see getting worse is government IT know-how. At the rate outsourcing has been brain-draining the federal workforce, by 2017 there won’t be a single government employee who knows how to do anything with a computer except run PowerPoint and Web surf. Joking aside, the result is that the government’s critical infrastructure will be almost entirely managed from the outside. The strategic implications of such a shift have scared me for a long time; it amounts to a loss of control over data, resources and communications.”

  6. “One of the most incredible things about the Revenue & Customs story is that a low-level government employee mailed a copy of the entire national child database to the National Audit Office in London. Did he have to? Doubtful. The best defense against data loss is to not have the data in the first place.”

  7. Passport applicant finds massive privacy breach

    KENYON WALLACE

    From Tuesday’s Globe and Mail

    December 4, 2007 at 6:44 AM EST

    Canadian law does not require organizations to disclose when they’ve suffered security breaches. In the United States the majority of states have enacted legislation requiring organizations to disclose security breaches within a specified period of time.

    “I think it’s very clear that a strong, mandatory security-breach law is long overdue in this country and it’s cases like these that highlight it,” said Michael Geist, a law professor at the University of Ottawa.

    “The reality is, even with the resources and the best security people, you’re only as good as your weakest link,” Prof. Geist said. “One mistake can result in significant security breaches that can put huge amounts of personal information at risk.”

  8. Q: Considering the carelessness with which the government (state and federal) and commercial enterprises treat our confidential information, is it essentially a waste of effort for us as individuals to worry about securing our data?

    A: Yes and no. More and more, your data isn’t under your direct control. Your e-mail is at Google, Hotmail, or your local ISP. Online merchants like Amazon and eBay have records of what you buy, and what you choose to look at but not buy. Your credit card company has a detailed record of where you shop, and your phone company has a detailed record of who you talk to (your cell phone company also knows where you are). Add medical databases, government databases, and so on, and there’s an awful lot of data about you out there. And data brokers like ChoicePoint and Acxiom collect all of this data and more, building up a surprisingly detailed picture on all Americans.

    As you point out, one problem is that these commercial and government organizations don’t take good care of our data. It’s an economic problem: because these parties don’t feel the pain when they lose our data, they have no incentive to secure it. I wrote about this two years ago, stating that if we want to fix the problem, we must make these organizations liable for their data losses. Another problem is the law; our Fourth Amendment protections protect our data under our control — which means in our homes, in our cars, and on our computers. We don’t have nearly the same protection when we give our data to some other organization for use or safekeeping.

    That being said, there’s a lot you can do to secure your own data. I give a list here.

  9. Q: All ethics aside, do you think you could make more money obtaining sensitive information about high net worth individuals and using blackmail/extortion to get money from them, instead of writing books, founding companies, etc.?

    A: Basically, you’re asking if crime pays. Most of the time, it doesn’t, and the problem is the different risk characteristics. If I make a computer security mistake — in a book, for a consulting client, at BT — it’s a mistake. It might be expensive, but I learn from it and move on. As a criminal, a mistake likely means jail time — time I can’t spend earning my criminal living. For this reason, it’s hard to improve as a criminal. And this is why there are more criminal masterminds in the movies than in real life.

  10. The debate isn’t security versus privacy. It’s liberty versus control.

    You can see it in comments by government officials: “Privacy no longer can mean anonymity,” says Donald Kerr, principal deputy director of national intelligence. “Instead, it should mean that government and businesses properly safeguard people’s private communications and financial information.” Did you catch that? You’re expected to give up control of your privacy to others, who — presumably — get to decide how much of it you deserve. That’s what loss of liberty looks like.

    It should be no surprise that people choose security over privacy: 51 to 29 percent in a recent poll. Even if you don’t subscribe to Maslow’s hierarchy of needs, it’s obvious that security is more important. Security is vital to survival, not just of people but of every living thing. Privacy is unique to humans, but it’s a social need. It’s vital to personal dignity, to family life, to society — to what makes us uniquely human — but not to survival.

    If you set up the false dichotomy, of course people will choose security over privacy — especially if you scare them first. But it’s still a false dichotomy. There is no security without privacy. And liberty requires both security and privacy. The famous quote attributed to Benjamin Franklin reads: “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.” It’s also true that those who would give up privacy for security are likely to end up with neither.
